That's setting a variable, not a parameter. You need something like psql "dbname=postgres user=kalle host=server sslmode=require" Or PGSSLMODE=require /usr/bin/pgsql-same-as-you-had-before //Magnus On Thu, Dec 17, 2020 at 5:00 PM Gustavsson Mikael <mikael.gustavsson@xxxxxxx> wrote: > > Hi Magnus, > > > The clients 11 and 13 is on the same host. > > > Hmm, I get the same error if I set sslmode=require. > > > $ /usr/pgsql-13/bin/psql -d postgres --set=sslmode=require -Ukalle -hserver -W > Password: > psql: error: FATAL: no pg_hba.conf entry for host "nn.nnn.n.nnn", user "kalle", database "postgres", SSL off > FATAL: no pg_hba.conf entry for host "nn.nnn.n.nnn", user "kalle", database "postgres", SSL off > > KR Mikael Gustavsson, SMHI > > > ________________________________ > Från: Magnus Hagander <magnus@xxxxxxxxxxxx> > Skickat: den 17 december 2020 15:52:55 > Till: Gustavsson Mikael > Kopia: Tom Lane; Kyotaro Horiguchi; pgsql-general@xxxxxxxxxxxxxx; Svensson Peter > Ämne: Re: SV: Problem with ssl and psql in Postgresql 13 > > On Thu, Dec 17, 2020 at 3:36 PM Gustavsson Mikael > <mikael.gustavsson@xxxxxxx> wrote: > > > > > > Hi, > > > > log_connections is on. The ERR message is correct, we do not have an entry for SSL off. > > The question is why psql(13) is trying to connect without ssl? > > > > 2020-12-17T14:25:09.565566+00:00 server INFO [30-1] pgpid=2422778 pguser=[unknown] pghost=nnn.nn.n.nnn pgdb=[unknown] pgapp=[unknown] LOG: connection received: host=nnn.nn.n.nnn port=40112 > > 2020-12-17T14:25:09.566411+00:00 server ERR [31-1] pgpid=2422778 pguser=kalle pghost=nnn.nn.n.nnn pgdb=postgres pgapp=[unknown] FATAL: no pg_hba.conf entry for host "nnn.nn.n.nnn", user "kalle", database "postgres", SSL off > > > By default psql/libpq will fall back to a clear text connection if the > ssl encrypted one failed. Specify sslmode=require (or preferably > higher) in the connection string or set PGSSLMODE=require on the > client to disable that behavior. If you do that, my guess is you will > see a direct connection failure instead of that error? > > PostgreSQL 13 did change the default value for minimum tls version to > 1.2. But that seems unlikely to be the problem since you get TLS 1.3 > when you use the old version... > > I assume you're running both the 11 and the 13 client on the same host? -- Magnus Hagander Me: https://www.hagander.net/ Work: https://www.redpill-linpro.com/
